Six fewer DoS vulnerabilities in new Wireshark version
In Version 0.99.6 of the network protocol analyser Wireshark (formerly Ethereal), multiple vulnerabilities have been eliminated which, among other things, could influence the stability and security of a system. As already noted in many of the previous vulnerabilities in Wireshark and Ethereal, errors have occurred during the reading of capture files or while analysing specific protocol packets. In this latest case, Wireshark crashed during the parsing of crafted HTTP chunked response packets and DHCP/BOOTP packets.
The analysis of faulty DCP-ETSI, SSL and MMS packets could exhaust system memory or created an infinite loop. Ultimately, Wireshark crashed while reading specific iSeries capture files. In addition, some vulnerabilities have been fixed in Version 0.99.6 which are not relevant to security.
- Wireshark 0.99.6 Release Notes, security advisory from Wireshark.org
(mba)